Google Play Security Reward Program Rules

The Google Play Security Reward Program recognizes the contributions of security
researchers who invest their time and effort in helping us make apps on Google Play more
secure. All Google’s apps are included and developers of popular Android apps are invited
to opt-in to the program. Interested developers who aren’t currently in the program should
discuss it with their Google Play partner manager. Through the program, we will further
improve app security which will benefit developers, Android users, and the entire Google
Play ecosystem.

How it works?

Reports follow this process:

Researcher identifies vulnerability within an in-scope app and reports it directly to
the app’s developer via their current vulnerability disclosure or bug bounty process. Visit
the program page on HackerOne for in-scope
apps.

Note: all qualifying reports sent to the Google or Chrome Vulnerability Reward Programs
will automatically be considered for a reward from the Google Play Security Reward Program.
There is no need to submit vulnerabilities submitted to Google again to the Google Play
Security Reward Program.

Legal points

We are unable to issue rewards to individuals who are on US sanctions lists, or who are in
countries (e.g. Crimea, Cuba, Iran, North Korea, Sudan, and Syria) on US sanctions lists.
You are responsible for any tax implications depending on your country of residency and
citizenship. There may be additional restrictions on your ability to enter depending upon
your local law.

This is not a competition, but rather an experimental and discretionary reward program. You
should understand that we can cancel the program at any time and the decision as to whether
or not to pay a reward has to be entirely at our discretion.

Of course, your testing must not violate any law, or disrupt or compromise any data that is
not your own.

To avoid potential conflicts of interest, we will not grant rewards to people employed by
Google or Google Partner companies who develop code for devices covered by this program.